Senior Cyber Security Engineer

Job Requirements:

·        Strong written and verbal communication skills.

·        Experience designing, implementing, and maintaining IT security systems to protect digital assets from malicious cyber-attacks.

·        Experience developing and implementing an annual Incident Response Training and Testing Program

·        Experience implementing, configuring, and administering SIEM and IDS products to ensure proper visibility into the environment and compliance requirements.

·        Ability to investigate, triage, contain, and mitigate complex cybersecurity events and incidents using various cyber security tools

·        Possess knowledge and experience across the information security domain such as Endpoint Security, SIEM, IDS/IPS, Packet Capture Analysis, Incident Response, and Cyber Threat Intelligence.

·        Hands-on experience analyzing and responding to security events, such as conducting log analysis, developing queries and analytics, troubleshooting security issues, and correlating diverse data sets.

·        Experience with designing, administrating, and maintaining tools such as:

o   Splunk

o   MS G5 Security tools suite,

o   Anti-virus solution such as Cylance,

o   Network Access Control through Cisco AnyConnect, 

o   Geofencing and asset management through Absolute, and 

o   Data loss prevention (DLP) through Symantec

Education/Certifications/Licenses:

• Bachelor of Science degree in computer science, programming, information systems, or related discipline
• GIAC Certified Intrusions Analyst (GCIA), GIAC Certified Incident Handler (GCIH) and Certified Information Systems Security Professional (CISSP) is preferred
• 5 years of experience in the Information Security, Cyber Network Defense or Cyber Security domain

·        Active Public Trust clearance or higher

Additional Experience Preferred:

·        The ideal candidate will be a versatile engineering subject matter expert comfortable with designing, deploying, and managing enterprise security solutions.

·        Knowledge of risk and how to measure risk with respect to IT systems.  

·        Knowledge of IT systems used in health care or health research.

·        Experience supporting post-incident recovery, conducting lessons learned with stakeholders, identifying recommended corrective action plans, and providing after action reports.

·        Experience supporting the coordination of incident management activities across relevant teams and keeping stakeholders abreast on response efforts.

·        Incorporate corrective action plans into the system POAM and risk management activities.

·        Coordinating testing of and updates to Incident Response Plans.

Position Responsibilities:

·        Actively search for Indicators of Compromise (IOC) and suspicious activity leveraging all provided tools such as Splunk, MS G5 Security tools suite, Cylance, Cisco AnyConnect, Absolute, and Symantec.

·        Develop, monitor, and maintain reporting, alerts and dashboards within Security Information Event Management (SIEM) tools to facilities identification of Indicators of Compromise (IOC) and facilitate threat detection and response activities.

·        Participate as a senior role in the Cyber Security Incident Response activities to employ strategy, standards, processes, and technology to detect, respond and recover from security incidents and to limit the impact of any such occurrence or reoccurrence by using risk-based triage.

·        Conduct open-source intelligence gathering including keeping abreast with threat landscape, CISA bulletins and alerts, and industry forums.

·        Work with various internal teams to identify gaps and expand coverage of endpoints, logging and network tooling to improve monitoring and response capabilities

·        Support the development of processes for identifying and responding to potential threats identified with the dashboards/reports, and facilitate risk reduction actions such as quarantining systems, processes, and accounts.

·        Review threat intelligence reports and feeds, make recommendations and lead implementations for profile or toolset changes based on reviews.